CN112330332A - Methods, computing devices, and media for identifying fraud risk with respect to node tasks - Google Patents


Publication number
CN112330332A
Authority
CN
China
Prior art keywords
task
predetermined
determining
node
risk
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110005191.0A
Other languages
Chinese (zh)
Other versions
CN112330332B (en)
Inventor
蔡震宇
张青
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Bake Information Technology Co ltd
Nanjing Zhishanying Technology Co ltd
Original Assignee
Shanghai Bake Information Technology Co ltd
Nanjing Zhishanying Technology Co ltd
Application filed by Shanghai Bake Information Technology Co ltd, Nanjing Zhishanying Technology Co ltd
Priority to CN202110005191.0A
Publication of CN112330332A
Application granted
Publication of CN112330332B
Legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification
    • G06Q20/4016 Transaction verification involving fraud or risk level assessment in transaction processing

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Computer Security & Cryptography (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The present disclosure relates to a method, computing device, and storage medium for identifying a risk of fraud regarding a node task. The method comprises: obtaining operation information and location information of a plurality of predetermined operations of a task node for a predetermined application; in response to determining that a predetermined time interval has been reached, determining a total number of target areas and a number of identical target areas associated with the plurality of location information; calculating the concentration of the locations of the task node within the predetermined time interval; in response to determining that the concentration is greater than or equal to a predetermined concentration threshold, associating the task node with a risk identification; and performing a risk management and control operation on the node tasks assigned to the task node and on the data about task objects from the task node. The disclosure can effectively identify transaction risk, and can ensure user convenience while systematically and accurately identifying the fraud risk related to node tasks.

Description

Methods, computing devices, and media for identifying fraud risk with respect to node tasks
Technical Field
The present disclosure relates generally to transaction security techniques, and in particular, to methods, computing devices, and computer-readable storage media for identifying fraud risk with respect to node tasks.
Background
With the development of internet technology, people can not only purchase goods through the internet, but also apply for and obtain financial products or services such as insurance through the internet. Financial products or services such as insurance place high requirements on the authenticity of user information, so business personnel are required to meet the user in person (for example, face-to-face signing or visits) to help identify false information and fraud that may occur during the application process.
Conventional schemes for identifying fraud risk include, for example: business personnel use a mobile device at the user's location to collect or investigate the user's attribute information, obtain the user's signature on the spot, confirm whether the user has bad records and whether the user information contains untrue content, and assist the user in applying for financial products or services. This improves the user's convenience in applying for financial products or services such as insurance, and guarantees security in the approval process to a certain extent. However, in such conventional schemes, the authenticity of information such as user attribute information and the user signature is collected and judged mainly by the business person performing the task, and it is therefore difficult to systematically and accurately identify fraud risk caused by fraudulent behavior of a task node or by an abnormal customer source.
In summary, conventional schemes for identifying fraud risk have difficulty systematically and accurately identifying fraud risk caused by fraudulent behavior of a task node, an abnormal customer source, and the like, so user convenience and systematic, accurate identification of fraud risk cannot be ensured at the same time.
Disclosure of Invention
The present disclosure provides a method, a computing device, and a computer-readable storage medium for identifying a fraud risk with respect to a node task, which can simultaneously ensure user convenience and systematically and accurately identify a fraud risk with respect to a node task.
According to a first aspect of the present disclosure, there is provided a method for identifying a risk of fraud regarding a node task, the method comprising: at a management device, acquiring operation information and a plurality of location information of a plurality of predetermined operations of a task node for a predetermined application, the operation information indicating at least attributes of the plurality of predetermined operations and a plurality of corresponding times at which the task node performs the plurality of predetermined operations, each of the plurality of location information indicating the location of the task node when the corresponding predetermined operation is performed, the task node including a mobile device; in response to determining that a predetermined time interval has been reached, determining a total number of target areas and a number of identical target areas associated with the plurality of location information based on distances between the plurality of location information; calculating, based on the number of identical target areas and the total number of target areas, the concentration of the locations at which the task node performs the plurality of predetermined operations within the predetermined time interval; in response to determining that the concentration is greater than or equal to a predetermined concentration threshold, associating the task node with a risk identification, the predetermined concentration threshold being associated with the predetermined time interval; and performing, based at least on the risk identification, a risk management and control operation on the node tasks assigned to the task node and on the data about task objects from the task node. The method of the present disclosure can simultaneously ensure user convenience and systematically and accurately identify the fraud risk related to node tasks.
According to a second aspect of the present disclosure, there is also provided a computing device comprising: one or more processors; and storage means for storing one or more programs which, when executed by the one or more processors, cause the computing device to perform the method of the first aspect of the disclosure.
According to a third aspect of the present disclosure, there is also provided a computer-readable storage medium. The computer readable storage medium has stored thereon a computer program which, when executed by a processor, implements the method of the first aspect of the disclosure.
In some embodiments, the method for identifying a risk of fraud regarding a node task further comprises: acquiring a plurality of historical position information corresponding to a plurality of task nodes executing a predetermined operation for a predetermined application, so as to form a historical position information sample set; selecting a portion of the plurality of historical position information as cluster centers of a plurality of clusters; for each remaining historical position information in the sample set other than the cluster centers, determining the distances between that historical position information and each of the cluster centers, and assigning it to the cluster whose center is closest; for each of the plurality of clusters, updating the cluster center based on the historical position information assigned to that cluster; determining whether the cluster centers of the plurality of clusters no longer change; in response to determining that the cluster centers no longer change, sorting in descending order the intra-cluster distances between the historical position information in the clusters and the corresponding cluster centers; and in response to determining that two intra-cluster distances having a predetermined sorting order satisfy a predetermined condition, determining an area within a predetermined range of the historical position information associated with the cluster center as a risk area.
In some embodiments, determining that the two intra-cluster distances having the predetermined sorting order satisfy the predetermined condition comprises: taking the intra-cluster distances ranked first and second in the sorting order as a first intra-cluster distance and a second intra-cluster distance, respectively; in response to determining that the first intra-cluster distance is greater than or equal to a predetermined multiple of the second intra-cluster distance, taking the historical position information associated with the cluster center as risk historical position information; and determining an area within a predetermined range of the risk historical position information as a risk area.
In some embodiments, the predetermined multiple is 1.5.
In some embodiments, the method for identifying a risk of fraud regarding a node task further comprises: acquiring the associated location of a task object for which a task node executes a node task, the node task including at least: a task for acquiring a signature of the task object and a task for surveying the task object; and adjusting an association threshold setting for the task object in response to determining that the associated location of the task object belongs to the risk area.
In some embodiments, obtaining the operation information and the plurality of location information of the plurality of predetermined operations of the task node for the predetermined application comprises: in response to determining that the node task is a task for investigating a task object, determining whether a photographing operation of a predetermined application is performed; and in response to determining that the photographing operation of the predetermined application is performed, determining the current GPS data of the task node as location information corresponding to an image capturing operation or an uploading data operation with respect to the task object.
In some embodiments, determining the total number of target areas and the number of identical target areas associated with the plurality of location information comprises: iteratively calculating the distance between every two pieces of location information in the plurality of location information; in response to determining that the distance between the current two pieces of location information is less than or equal to a predetermined distance threshold, determining the target areas respectively associated with those two pieces of location information as the same target area; calculating the number of identical target areas associated with the plurality of location information; and determining the number of the plurality of location information as the total number of target areas.
In some embodiments, determining the total number of target areas and the number of identical target areas associated with the plurality of location information comprises: converting longitude information and latitude information indicated by each of the plurality of pieces of location information into longitude binary data and latitude binary data, respectively, so as to merge the longitude binary data and the latitude binary data into one-dimensional longitude and latitude binary data, the longitude and latitude binary data including a plurality of numerical values; converting the longitude and latitude binary data into longitude and latitude decimal data by taking every five numerical values as a group so as to convert the longitude and latitude decimal data into position coding information corresponding to the position information based on a preset coding mode; determining the same block associated with the plurality of position information based on position encoding information corresponding to the position information and encoding information identifying a block of the predetermined area so as to determine the same block as the same target area, the predetermined area being divided into a plurality of blocks in advance based on latitude and longitude information of the predetermined area, and each of the plurality of blocks being identified by one encoding information determined by a predetermined encoding manner; calculating the number of the same target areas associated with a plurality of position information; and determining the total number of blocks corresponding to the converted position coding information as the total number of the target area.
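The block-encoding steps in the preceding paragraph correspond to the widely used Geohash scheme. The following sketch is an added example, not code from the patent: the Base32 alphabet, the 6-character precision, the function names, the constructed sample coordinates, and the reading of concentration as the share of positions in the most frequent block are all assumptions.

```python
from collections import Counter

# Standard Geohash Base32 alphabet, assumed here as the "preset coding mode".
BASE32 = "0123456789bcdefghjkmnpqrstuvwxyz"


def to_bits(value, lo, hi, nbits):
    """Bisect [lo, hi] nbits times: emit 1 for the upper half, 0 for the lower."""
    bits = []
    for _ in range(nbits):
        mid = (lo + hi) / 2
        if value >= mid:
            bits.append(1)
            lo = mid
        else:
            bits.append(0)
            hi = mid
    return bits


def encode_block(lat, lon, precision=6):
    """Return the block code for one position.

    Longitude and latitude are converted to binary, merged into one bit
    string (longitude first, alternating), then read five bits at a time as
    a decimal value 0..31 and mapped to a Base32 character.
    """
    if not (-90.0 <= lat <= 90.0 and -180.0 <= lon <= 180.0):
        raise ValueError("coordinate out of range")
    total = precision * 5
    lon_bits = to_bits(lon, -180.0, 180.0, (total + 1) // 2)
    lat_bits = to_bits(lat, -90.0, 90.0, total // 2)
    merged = [lon_bits[i // 2] if i % 2 == 0 else lat_bits[i // 2]
              for i in range(total)]
    chars = []
    for i in range(0, total, 5):
        decimal = int("".join(str(b) for b in merged[i:i + 5]), 2)
        chars.append(BASE32[decimal])
    return "".join(chars)


def block_concentration(points, precision=6):
    """Return (most frequent block, positions in it, concentration).

    Assumption: concentration = positions in the most frequent block divided
    by the total number of encoded positions.
    """
    if not points:
        raise ValueError("no positions to evaluate")
    codes = [encode_block(lat, lon, precision) for lat, lon in points]
    block, same = Counter(codes).most_common(1)[0]
    return block, same, same / len(codes)


# Constructed sample: four positions inside one ~1.2 km x 0.6 km block and
# two positions several kilometres away.
SAMPLE_POINTS = [
    (57.64911, 10.40744),
    (57.64800, 10.40800),
    (57.65000, 10.41000),
    (57.64600, 10.41400),
    (57.70000, 10.50000),
    (57.60000, 10.30000),
]

if __name__ == "__main__":
    block, same, ratio = block_concentration(SAMPLE_POINTS)
    print(f"block={block} same={same} concentration={ratio:.2f}")
```

Two positions a few metres apart can still fall into different blocks when they straddle a block boundary, which the pairwise-distance variant of the same step does not suffer from.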
In some embodiments, the method for identifying a risk of fraud regarding a node task further comprises: in response to the second preset time interval being reached, acquiring first operation position information based on the attribute of the first preset operation, wherein the first operation position information indicates the position of the task node when the first preset operation is executed; determining the number of identical target areas associated with the first operation position information; and calculating a first operation concentration ratio of positions where the task nodes perform a first predetermined operation within a second predetermined time interval based on the number of the same target areas and the total amount of the first operation position information, wherein the first predetermined operation is one of an operation on adding a new task object and an operation on submitting a request of the task object.
In some embodiments, determining that the predetermined time interval has been reached comprises: in response to determining that the first predetermined time interval is reached, determining the predetermined concentration threshold as a first predetermined concentration threshold; and in response to determining that the third predetermined time interval is reached, determining the predetermined concentration threshold as a third predetermined concentration threshold, the third predetermined time interval being greater than the first predetermined time interval, the third predetermined concentration threshold being less than the first predetermined concentration threshold.
In some embodiments, performing risk management operations for the node tasks assigned to the task node and the data about the task object from the task node based at least on the risk identification comprises: determining whether a task node is associated with a first risk identification; in response to determining that the task node is associated with the first risk identifier, determining whether the task node is associated with a second risk identifier; in response to determining that the task node is not associated with a second risk identification, sending a prompt to the task node and lowering the authority of the task node, the first risk identification being generated in response to determining that the concentration is greater than or equal to a first predetermined concentration threshold; and in response to determining that the task node is associated with a second risk identification, the second risk identification being generated in response to determining that the concentration is greater than or equal to a third predetermined concentration threshold, refraining from assigning the node task to the task node and not acknowledging task execution result data from the task node.
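An added example (not code from the patent) combining the pairwise-distance grouping, the interval-dependent thresholds, and the two-level control decision described in the preceding paragraphs. The haversine distance, the 500 m distance threshold, the 7-day/0.8 and 30-day/0.6 tiers, the minimum sample count, the transitive grouping of nearby positions, and the concentration ratio (largest group divided by total positions) are assumptions; all sample data is constructed.

```python
import math
from collections import Counter

EARTH_RADIUS_M = 6_371_000
# Hypothetical tiers: (interval in days, concentration threshold). The longer
# interval carries the lower threshold, as the text requires.
FIRST_TIER = (7, 0.8)
THIRD_TIER = (30, 0.6)
MIN_OPS = 5  # added safeguard (assumption): one lone operation is not "concentrated"


def haversine_m(a, b):
    """Great-circle distance in metres between two (lat, lon) pairs."""
    lat1, lon1, lat2, lon2 = map(math.radians, (a[0], a[1], b[0], b[1]))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(h))


def concentration(points, dist_threshold_m=500.0):
    """Compare every pair; positions within the threshold share a target area.

    Areas are merged transitively with union-find. Returns the size of the
    largest area divided by the number of positions (0.0 for no positions).
    """
    n = len(points)
    if n == 0:
        return 0.0
    parent = list(range(n))

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]  # path halving
            i = parent[i]
        return i

    for i in range(n):
        for j in range(i + 1, n):
            if haversine_m(points[i], points[j]) <= dist_threshold_m:
                parent[find(i)] = find(j)
    return max(Counter(find(i) for i in range(n)).values()) / n


def window(ops, today, days):
    """Positions of operations performed in the last `days` days."""
    return [(lat, lon) for day, lat, lon in ops if today - days < day <= today]


def risk_flags(ops, today):
    """Return the set of risk identifications ('first', 'second') for a node."""
    flags = set()
    for name, (days, threshold) in (("first", FIRST_TIER), ("second", THIRD_TIER)):
        pts = window(ops, today, days)
        if len(pts) >= MIN_OPS and concentration(pts) >= threshold:
            flags.add(name)
    return flags


def control_action(flags):
    """Follow the decision order in the text: first flag, then second flag."""
    if "first" not in flags:
        return "normal"
    if "second" not in flags:
        return "prompt_and_lower_authority"
    return "stop_assignment_and_reject_results"


# Constructed sample data: (day, lat, lon), one operation per day for 30 days.
SPOT = (31.2304, 121.4737)


def at_spot(day):
    return (day, SPOT[0] + 0.0001 * (day % 3), SPOT[1])  # about 11 m of jitter


def elsewhere(day):
    return (day, SPOT[0] + 0.05 * day, SPOT[1])  # at least 5 km from anything else


NODE_A = [elsewhere(d) if d in (3, 9, 15, 21) else at_spot(d) for d in range(1, 31)]
NODE_B = [at_spot(d) if d >= 24 else elsewhere(d) for d in range(1, 31)]
NODE_C = [elsewhere(d) for d in range(1, 31)]

if __name__ == "__main__":
    for name, ops in (("A", NODE_A), ("B", NODE_B), ("C", NODE_C)):
        flags = risk_flags(ops, today=30)
        print(name, sorted(flags), control_action(flags))
```

Node B shows why the longer interval matters: a single concentrated week raises only the first identification, which leads to a prompt and reduced authority rather than a block.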
In some embodiments, determining that the predetermined time interval has been reached comprises: in response to determining that the task node is associated with the risk identification, recording historical operation information and historical location information of the task node; generating a plurality of sample data for training a risk prediction model based on the recorded historical operation information and historical location information of a plurality of task nodes associated with risk identifications, the risk prediction model being constructed based on a neural network model; training the risk prediction model based on the plurality of sample data, the risk prediction model being used to extract features of the operation information and the plurality of location information of a current task node so as to predict the risk probability of the current task node based on the extracted features; and determining the association of the current task node with the risk identification based on the concentration and the risk probability.
This summary is provided to introduce a selection of concepts in a simplified form that are further described below in the detailed description. This summary is not intended to identify key features or essential features of the disclosure, nor is it intended to be used to limit the scope of the disclosure.
Drawings
Fig. 1 shows a schematic diagram of a system for a method of identifying fraud risk with respect to a node task according to an embodiment of the present disclosure.
Fig. 2 shows a flow diagram of a method for identifying fraud risk with respect to a node task according to an embodiment of the disclosure.
Fig. 3 schematically illustrates a flow chart of a method for determining a total number of target areas and a number of identical target areas associated with a plurality of location information according to another embodiment of the present disclosure.
Fig. 4 shows a flow chart of a method for determining a risk area according to an embodiment of the present disclosure.
Fig. 5 shows a flow chart of a method for determining a first concentration of operations according to an embodiment of the present disclosure.
FIG. 6 schematically shows a block diagram of an electronic device suitable for use to implement embodiments of the present disclosure.
Like or corresponding reference characters designate like or corresponding parts throughout the several views.
Detailed Description
Preferred embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While the preferred embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
The term "include" and variations thereof as used herein is meant to be inclusive in an open-ended manner, i.e., "including but not limited to". Unless specifically stated otherwise, the term "or" means "and/or". The term "based on" means "based at least in part on". The terms "one example embodiment" and "one embodiment" mean "at least one example embodiment". The term "another embodiment" means "at least one additional embodiment". The terms "first," "second," and the like may refer to different or the same object.
As described above, in conventional schemes for identifying fraud risk, the authenticity of information such as user attribute information and the user signature is collected and judged mainly by the business personnel performing a task, so it is difficult to systematically and accurately identify fraud risk caused by fraudulent behavior of task nodes or by abnormal customer sources, and user convenience and systematic, accurate identification of fraud risk cannot be ensured at the same time.
To address at least in part one or more of the above issues and other potential issues, example embodiments of the present disclosure propose a scheme for identifying a risk of fraud with respect to a node task. By acquiring operation information and a plurality of location information of a task node for a plurality of predetermined operations, the scheme accurately acquires the actual geographic location at which the task node performs a business operation. In addition, by determining the number of identical target areas associated with the plurality of location information and calculating the concentration of the locations at which the task node performs the plurality of predetermined operations within a predetermined time interval, the present disclosure can accurately identify where and to what degree the task node's business activity is aggregated. Further, the task node is associated with a risk identification when the concentration is determined to be greater than or equal to the predetermined concentration threshold associated with the predetermined time interval, and risk management and control operations are performed, based on the risk identification, on the node tasks assigned to the task node and on the data about task objects from the task node. The present disclosure can thus apply risk control to abnormal situations in which the locations of a task node's business operations are overly concentrated, and can automatically configure different concentration thresholds for comparison according to different predetermined time intervals, avoiding identification errors caused by an accidentally high concentration in an individual period. User convenience can therefore be ensured while fraud risk with respect to node tasks is identified systematically and accurately.
Fig. 1 shows a schematic diagram of a system 100 for implementing a method for identifying a risk of fraud with respect to a node task according to an embodiment of the present disclosure. As shown in Fig. 1, the system 100 includes: the management device 110, a plurality of task nodes 130 (e.g., including a first task node 130-1 through an Nth task node 130-N, where N is a positive integer), a plurality of task object user devices 140 (e.g., including a first user device 140-1 through an Mth user device 140-M, where M is a positive integer), and a network 150. The management device 110 may interact with the plurality of task nodes 130 and the user devices 140 of the task objects in a wireless manner (e.g., via the network 150).
The management device 110 (e.g., a computing device) may have one or more processing units, including special purpose processing units such as GPUs, FPGAs, and ASICs, as well as general purpose processing units such as CPUs. In addition, one or more virtual machines may be running on each management device. The management device 110 includes, for example, at least: an operation information and position information obtaining unit 112, a target area number determining unit 114, a concentration calculation unit 116 in a predetermined time interval, a predetermined concentration threshold value comparison unit 118, a task node and risk identification association unit 120, and a risk management control operation unit 122.
The operation information and location information acquiring unit 112 is configured to acquire, at the management device, operation information and a plurality of location information of a plurality of predetermined operations of the task node for the predetermined application, the operation information indicating at least attributes of the plurality of predetermined operations and a plurality of corresponding times at which the task node performs the plurality of predetermined operations, each of the plurality of location information indicating the location of the task node when the corresponding predetermined operation is performed, the task node including a mobile device.
The target area number determining unit 114 is configured to determine whether the predetermined time interval has been reached and, if so, to determine the total number of target areas and the number of identical target areas associated with the plurality of location information based on the distances between the plurality of location information.
The concentration calculation unit 116 is configured to calculate, based on the number of identical target areas and the total number of target areas, the concentration of the locations at which the task node performs the plurality of predetermined operations within the predetermined time interval.
The predetermined concentration threshold comparison unit 118 is configured to determine whether the concentration is greater than or equal to a predetermined concentration threshold.
The task node and risk identification association unit 120 is configured to associate the task node with a risk identification if the concentration is determined to be greater than or equal to the predetermined concentration threshold, the predetermined concentration threshold being associated with the predetermined time interval.
The risk management control operation unit 122 is configured to perform, based at least on the risk identification, a risk management and control operation on the node tasks assigned to the task node and on the data about task objects from the task node.
Fig. 2 shows a flow diagram of a method 200 for identifying fraud risk with respect to a node task according to an embodiment of the disclosure. It should be understood that the method 200 may be performed, for example, at the electronic device 600 depicted in Fig. 6, and may also be performed at the management device 110 depicted in Fig. 1. It should be understood that method 200 may also include additional acts not shown and/or may omit acts shown, as the scope of the disclosure is not limited in this respect.
At step 202, the management device 110 obtains operation information and a plurality of location information of a plurality of predetermined operations of the task node for a predetermined application, the operation information indicating at least attributes of the plurality of predetermined operations, a plurality of corresponding times at which the task node performs the plurality of predetermined operations, each of the plurality of location information indicating a location at which the task node is located when the corresponding predetermined operation is performed, the task node including a mobile device.
For example, the management device 110 may acquire (e.g., by means of a landed point) operation information and corresponding location information of all predetermined operations of a single task node for a predetermined application within a predetermined time interval. Operation information and corresponding location information of all predetermined operations for a predetermined application within a predetermined time interval by each of the plurality of task nodes may also be acquired.
The task node is, for example and without limitation, a mobile device of a customer manager of a bank.
The node tasks performed by the task node include, for example: a task for obtaining a signature of a task object and a task for conducting a survey of the task object. The node task is assigned to the task node by the management device 110, for example. If the management device 110 determines that a task node is associated with a risk identification indicating a high risk, the management device 110 may stop assigning node tasks to the task node.
The task object at which the node task is directed is, for example, a user or a client, such as, but not limited to, a user applying for a loan. In some embodiments, where the task object has granted authorization, the management device 110 may obtain the location information of the task object when the task object operates the predetermined application, and then determine whether a fraud risk exists based on the association between the location information of the task object and the location information of the corresponding task node. In some embodiments, the management device 110 cannot obtain location information for the task object. The risk of fraud regarding node tasks is, for example, fraud from an abnormal customer source.
With respect to the plurality of predetermined operations performed by the task node, obtaining the operation information and the location information of the plurality of predetermined operations of the task node for the predetermined application includes, for example: in response to determining that the node task is a task for surveying the task object, determining whether a photographing operation of the predetermined application is performed; and in response to determining that the photographing operation is performed, determining the current GPS data of the task node as the location information corresponding to an image capturing operation or a data uploading operation with respect to the task object. In this manner, the real location information of the task node is obtained automatically when image data of the task object is collected via the predetermined application, so the present disclosure can avoid manual tampering with the acquisition location.
At step 204, the management device 110 determines whether a predetermined time interval has been reached. If the management device 110 determines that the predetermined time interval has not been reached, it jumps to step 202. The predetermined time interval is, for example, one week, two weeks, one month, or other predetermined time periods.
At step 206, if the management device 110 determines that the predetermined time interval has been reached, the total number of target areas associated with the plurality of location information and the number of the same target areas are determined. The plurality of location information is, for example, the plurality of locations at which the task node is located when it performs all predetermined operations within the predetermined time interval.
The way of determining the total number of target areas and the number of identical target areas includes, for example: the management device 110 calculates, in a loop, the distance between every two of the plurality of pieces of location information; if the distance between the two current pieces of location information is smaller than or equal to a predetermined distance threshold, the target areas respectively associated with the two current pieces of location information are determined to be the same target area; the number of the same target areas associated with the plurality of location information is calculated; and the number of the plurality of location information is determined as the total number of target areas.
The distance between two of the plurality of location information may be determined in various ways. The following describes a method of calculating the distance between two pieces of location information with reference to formula (1).
Figure 468670DEST_PATH_IMAGE001
(1)
In the above-mentioned formula (1),
Figure 854652DEST_PATH_IMAGE002
representing the longitude indicated by the first of the two location information.
Figure 368810DEST_PATH_IMAGE003
Representing the latitude indicated by the first location information.
Figure 232861DEST_PATH_IMAGE004
Is the latitude and longitude indicated by the first location information.
Figure 516075DEST_PATH_IMAGE005
Representing the longitude indicated by the second of the two location information.
Figure 72958DEST_PATH_IMAGE006
Representing the latitude indicated by the second location information.
Figure 808833DEST_PATH_IMAGE007
Is the latitude and longitude indicated by the second location information.
Figure 476574DEST_PATH_IMAGE008
Representing the distance between the two location information.
Figure 378409DEST_PATH_IMAGE009
Representing a constant.
Figure 840614DEST_PATH_IMAGE010
Figure 532627DEST_PATH_IMAGE011
Representing the mean radius of the earth. For example,
Figure 4060DEST_PATH_IMAGE012
The same target area may be determined in a variety of ways. In some embodiments, the manner of determining the same target area includes, for example: the management device 110 determines whether the distance between the two pieces of location information is less than or equal to a predetermined distance threshold. If it is determined that the distance between the two pieces of location information is less than or equal to the predetermined distance threshold (the predetermined distance threshold is, for example, a range of plus or minus 50 meters), the target areas associated with the two pieces of location information are determined to be the same target area. Research shows that different task objects are located at different positions; if business operations between a certain business node and different task objects frequently occur at the same place, this indicates that an anomaly may exist. Therefore, the distribution characteristics of the task node's business operation locations within the predetermined time interval can be calculated by determining the same target areas, and their number, associated with the location information of the task node.
At step 208, the management device 110 calculates a concentration ratio of locations at which the task node performs a plurality of predetermined operations within a predetermined time interval, based on the number of identical target areas and the total number of target areas.
The concentration may be calculated in various ways. For example, a method of calculating the concentration ratio is described below in conjunction with formula (2).
$$\mathrm{Con} = N_{\mathrm{same}} / N_{\mathrm{sum}} \qquad (2)$$
In the above formula (2), Con represents the concentration of locations at which the task node performs a plurality of predetermined operations within a predetermined time interval, $N_{\mathrm{same}}$ represents the number of identical target areas, and $N_{\mathrm{sum}}$ represents the total number of target areas. For example, suppose the total number of target areas associated with the location information involved when a certain task node performs all predetermined operations in a predetermined time interval (e.g. one month) is 100, of which the number of identical target areas is 80. The concentration of locations at which the task node performs all of the predetermined operations within the predetermined time interval is then 80%.
At step 210, it is determined whether the concentration is greater than or equal to a predetermined concentration threshold. If the management device 110 determines that the concentration is less than the predetermined concentration threshold, the process jumps to step 202.
The predetermined concentration threshold is associated with the predetermined time interval, for example, as follows: if it is determined that a first predetermined time interval (e.g., one week) has been reached, the predetermined concentration threshold is determined as a first predetermined concentration threshold; and if it is determined that a third predetermined time interval (e.g., two weeks) has been reached, the predetermined concentration threshold is determined as a third predetermined concentration threshold, the third predetermined time interval being greater than the first predetermined time interval and the third predetermined concentration threshold being less than the first predetermined concentration threshold. For example, if the predetermined time interval is one week, the associated predetermined concentration threshold is, for example, 60%. If the predetermined time interval is two weeks, the associated predetermined concentration threshold is, for example, 40%.
At step 212, if the management device 110 determines that the concentration is greater than or equal to a predetermined concentration threshold, the task node is associated with a risk identification, the predetermined concentration threshold being associated with a predetermined time interval.
For example, if the concentration of locations where a task node performs all of the predetermined operations within one week is 80%, exceeding the associated predetermined concentration threshold of 60% (the threshold being associated with, for example, a predetermined time interval of one week), the task node is associated with a risk identification indicating an intermediate risk (for example, a first risk identification). If the concentration of locations where it performs all the predetermined operations within two weeks is 50%, for example still exceeding the corresponding predetermined concentration threshold of 40% (which threshold corresponds, for example, to a predetermined time interval of one month), the task node is associated with a risk identification indicating a high risk (for example, a second risk identification). In some embodiments, if the management device 110 determines that, within a predetermined time interval (e.g., a month), the target area associated with the task node's highest concentration in each unit time interval (e.g., every week) repeats (e.g., the target area associated with the highest concentration on at least one day of each week of the month is the same), the task node is associated with a risk identification. In this way, the abnormal pattern in which the aggregation areas of a task node's business operations repeatedly overlap can be identified and flagged as a risk.
In some embodiments, the management device 110 may also identify the target area associated with the task node's highest concentration within a predetermined time interval; then, based on the attributes of the predetermined operations, determine whether the predetermined operations that the task node performed in that target area include a submission operation for task object data; and, if it is determined that they do not include a submission operation for task object data, associate the task node with the risk identification. Thus, the abnormal situation in which a task node has never submitted task object data at the location where its business operations are most concentrated can be identified.
At step 214, the management device 110 performs a risk management operation for the node tasks assigned to the task nodes and the data from the task nodes regarding the task objects based at least on the risk identification.
The risk management operations include, for example: determining whether a task node is associated with a first risk identification; if the task node is determined to be associated with the first risk identification, determining whether the task node is associated with a second risk identification; if the task node is determined not to be associated with the second risk identification, sending prompt information to the task node and reducing the authority of the task node, the first risk identification being generated in response to determining that the concentration is greater than or equal to a first predetermined concentration threshold; and if the task node is determined to be associated with the second risk identification, prohibiting assignment of node tasks to the task node and not acknowledging task execution result data from the task node, the second risk identification being generated in response to determining that the concentration is greater than or equal to a third predetermined concentration threshold.
In the above scheme, by acquiring the operation information and the location information of the task node for the predetermined operations, the present disclosure can accurately acquire the actual geographic location at which the task node performs business operations. In addition, by determining the number of the same target areas associated with the plurality of location information and calculating the concentration of locations where a task node performs a plurality of predetermined operations within a predetermined time interval, the present disclosure can accurately identify where, and to what degree, the task node's business operations aggregate. Further, the task node is associated with the risk identification when the concentration is determined to be higher than the predetermined concentration threshold associated with the predetermined time interval, and risk management operations are performed, based on the risk identification, on the node tasks assigned to the task node and on the data about the task object from the task node. The present disclosure can thus apply risk management to abnormal situations in which the locations of a task node's business operations are overly concentrated, and can automatically configure different concentration thresholds for comparison according to different predetermined time intervals, avoiding identification errors caused by an accidentally high concentration in an individual period. As a result, convenience of users and system can be guaranteed simultaneously, and fraud risks about the node tasks can be accurately identified.
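The following added example (not code from the patent) runs steps 206 to 214 on constructed coordinates: pairwise distances, the concentration of formula (2), the interval-specific thresholds, and the resulting control action. It assumes the haversine great-circle formula and a mean Earth radius of 6,371 km because formula (1) and its constants are not legible on this page, and it assumes that a location counts toward N_same when at least one other location lies within the 50 m threshold.

```python
import math
from itertools import combinations

EARTH_RADIUS_M = 6_371_000.0  # assumed mean Earth radius; the page's value is not legible
SAME_AREA_M = 50.0            # distance threshold taken from the page's example
# interval in days -> (concentration threshold, risk identification), per the page's examples
POLICY = {7: (0.60, "first"), 14: (0.40, "second")}


def haversine_m(a, b):
    """Great-circle distance in metres between two (lat, lon) pairs in degrees.
    Stand-in for formula (1), which is missing from the page."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(h))


def concentration(points, threshold_m=SAME_AREA_M):
    """Con = N_same / N_sum. N_sum is the number of location records; N_same is
    the number of records with another record within threshold_m (assumption)."""
    if not points:
        return 0.0
    shared = [False] * len(points)
    for i, j in combinations(range(len(points)), 2):
        if haversine_m(points[i], points[j]) <= threshold_m:
            shared[i] = shared[j] = True
    return sum(shared) / len(points)


def risk_identifications(points_by_interval):
    """Compare each interval's concentration with the threshold tied to that interval."""
    found = set()
    for days, points in points_by_interval.items():
        threshold, identification = POLICY[days]
        if concentration(points) >= threshold:
            found.add(identification)
    return found


def control_action(identifications):
    """Decision order of the risk management paragraph: first identification, then second."""
    if "first" not in identifications:
        return "none"
    if "second" in identifications:
        return "stop assigning tasks; do not accept result data"
    return "send prompt; reduce privileges"


# Constructed sample data: one task node whose operations cluster around BASE.
BASE = (31.2304, 121.4737)


def near(n):
    """n points spaced about 5.6 m apart along a meridian, starting at BASE."""
    return [(BASE[0] + 0.00005 * i, BASE[1]) for i in range(n)]


def far(ks):
    """Points about 5.5 km apart from each other and from BASE."""
    return [(BASE[0] + 0.05 * k, BASE[1]) for k in ks]


WEEK = near(8) + far([1, 2])                      # 8 of 10 records co-located
FORTNIGHT = WEEK + near(2) + far(range(3, 11))    # 10 of 20 records co-located

if __name__ == "__main__":
    ids = risk_identifications({7: WEEK, 14: FORTNIGHT})
    print(concentration(WEEK), concentration(FORTNIGHT), sorted(ids), control_action(ids))
```

The pairwise loop is quadratic in the number of location records, so it is best applied per task node and per interval rather than across all nodes at once.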
In some embodiments, the method 200 further comprises: if the management device 110 confirms that the task node is associated with the risk identification, the historical operation information and the historical position information of the task node are recorded. The recorded historical operation information and the historical position information can reflect the relevance and the characteristics of the operation behavior and the position of the task node with the risk.
Then, the management device 110 generates a plurality of sample data for training a risk prediction model based on the plurality of historical operation information and the plurality of historical location information of the plurality of task nodes associated with risk identifications, the risk prediction model being constructed based on a neural network model. The risk prediction model is constructed, for example and without limitation, based on the DeepFM model. The DeepFM model mainly comprises: a sparse feature layer, a dense embedding layer, FM and Deep portions, and an output layer. The output data of the risk prediction model is, for example, the predicted risk probability for the current task node. The input data of the risk prediction model includes, for example, predetermined operation category features, predetermined operation time features, and location information. The predetermined operation category features include, for example, at least: collection operation features of attribute information on the task object, upload operation features of image data on the task object, collection operation features of image data on the task object, submission operation features of a loan application on the task object, and the like. The input data of the risk prediction model described above is generated, for example, via cleaning, filling, normalization, and stitching processes, respectively.
Thereafter, the management device 110 trains a risk prediction model for extracting features of the operation information and the plurality of location information of the current task node based on the plurality of sample data so as to predict a risk probability with respect to the current task node based on the extracted features.
The management device 110 then determines whether to associate the current task node with the risk identification based on the concentration and the risk probability.
In this scheme, whether a task node is at risk is determined by combining two different means of identification: the concentration comparison and the risk probability predicted by the risk prediction model. The identification result based on the typical risk identification rule and the prediction result based on the prediction model can be checked against each other, so that both typical and atypical risks can be identified and the fraud risks related to the node tasks can be identified more comprehensively.
Fig. 3 shows a flow diagram of a method 300 for determining a total number of target areas and a number of identical target areas associated with a plurality of location information according to another embodiment of the present disclosure. It should be understood that the method 300 may be performed, for example, at the electronic device 600 depicted in fig. 6. It may also be performed at the management device 110 depicted in fig. 1.
At step 302, the management apparatus 110 converts the longitude information and the latitude information indicated by each of the plurality of location information into longitude binary data and latitude binary data, respectively, so as to merge the longitude binary data and the latitude binary data into one-dimensional longitude and latitude binary data, the longitude and latitude binary data including a plurality of numerical values.
It should be understood that longitude ranges from 180° west to 180° east and latitude ranges from 90° south to 90° north. If west longitude is taken as negative, east longitude as positive, south latitude as negative and north latitude as positive, the longitude range of the earth is [-180°, 180°] and the latitude range is [-90°, 90°]. Bounded by the prime meridian and the equator, the earth can be divided into 4 large blocks. Correspondingly, the latitude range [-90°, 0°] can be represented by binary 0 and (0°, 90°] by binary 1; the longitude range [-180°, 0°] by binary 0 and (0°, 180°] by binary 1. In a similar way, the large blocks are then recursively halved into smaller blocks. For example, the block with latitude range [-90°, 90°] is halved into blocks with latitude ranges (0°, 90°] and [-90°, 0°]; the block corresponding to the latitude range (0°, 90°] is further halved into blocks with latitude ranges (0°, 45°] and (45°, 90°]; the block corresponding to the latitude range (0°, 45°] is further halved into blocks with latitude ranges (0°, 22.5°] and (22.5°, 45°]; and so on, which is not repeated here.
The method of converting the longitude information and the latitude information indicated by each of the plurality of pieces of location information into longitude binary data and latitude binary data, respectively, includes, for example: the management device 110 determines in which blocks the longitude information and the latitude information indicated by each corresponding location information respectively fall, and then determines the converted longitude binary data and latitude binary data according to the binary codes of those blocks. For example, if the latitude and longitude information of the location information is (37.13579, 110.24680), the latitude information 37.13579 is converted into latitude binary data illustrated as 1011100 … 1, and the longitude information 110.24680 is converted into longitude binary data illustrated as 1101001 … 0.
The manner in which the management apparatus 110 merges the binary longitude data and the binary latitude data into binary one-dimensional longitude and latitude data includes, for example: the longitude binary data is made to occupy even digits, the latitude binary data is made to occupy odd digits, and the even digits and the odd digits are combined in sequence to generate one-dimensional longitude and latitude binary data. By adopting the above-mentioned means, the two-dimensional longitude binary data and latitude binary data can be converted into one-dimensional binary code.
At step 304, the management device 110 converts the longitude and latitude binary data, in groups of five numerical values, into longitude and latitude decimal data, so as to convert the longitude and latitude decimal data into position code information corresponding to the location information based on a predetermined coding scheme.
The method of converting the longitude and latitude binary data into the longitude and latitude decimal data includes, for example: the management device 110 divides the merged one-dimensional longitude and latitude binary data into groups of 5 bits so as to calculate the decimal value of each group. In some embodiments, when the one-dimensional longitude and latitude binary data is sliced into 5-bit groups, the maximum decimal value per group is 31, which matches the predetermined coding scheme used for converting the longitude and latitude decimal data into position code information.
The predetermined coding scheme is, for example and without limitation, Base32 encoding. The manner in which the longitude and latitude decimal data is converted to position code information is illustrated, for example, in table 1 below.
Figure 996286DEST_PATH_IMAGE013
At step 306, the management device 110 determines the same block associated with the plurality of location information, based on the position code information corresponding to the location information and the code information identifying the blocks of a predetermined area, so as to determine the same block as the same target area. The predetermined area is divided in advance into a plurality of blocks based on the latitude and longitude information of the predetermined area, and each of the plurality of blocks is identified by one piece of code information determined by the predetermined coding scheme.
For example, the converted position code information is the code information of the corresponding block. Whether the blocks associated with the corresponding location information are the same block can be determined according to whether the code information of the blocks corresponding to the converted position code information is the same. The length or width of the block is determined by the length of a predetermined code (e.g., without limitation, a geohash code), for example, as shown in table 2 below.
Figure 629393DEST_PATH_IMAGE014
At step 308, the management device 110 calculates the number of the same target areas associated with the plurality of location information. For example, the management device 110 may calculate the number of identical tiles determined based on the converted position-coding information.
At step 310, the management device 110 determines the total number of blocks corresponding to the converted position-coding information as the total number of the target area.
For example, the concentration ratio at this time = the number of identical blocks/the total number of blocks.
Therefore, the aggregation area of the task node during business operation execution can be accurately identified, and the accuracy of calculating the position aggregation degree of the task node during business operation execution is improved.
Fig. 4 schematically shows a flow chart of a method 400 for determining a risk area according to an embodiment of the present disclosure. It should be understood that the method 400 may be performed, for example, at the electronic device 600 depicted in fig. 6. It may also be performed at the management device 110 depicted in fig. 1.
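The following added example (not code from the patent) implements steps 302 to 310 on constructed coordinates: bisecting the longitude and latitude ranges into bits, interleaving them with longitude first, packing 5-bit groups into Base32 characters, and computing the concentration from shared blocks. It assumes the standard geohash Base32 alphabet, since Table 1 is not legible on this page, treats the code length `precision` as a free parameter, and counts a record toward the identical blocks when its block holds at least one other record.

```python
from collections import Counter

# Standard geohash Base32 alphabet (assumed to match the page's Table 1).
BASE32 = "0123456789bcdefghjkmnpqrstuvwxyz"


def interleaved_bits(lat, lon, nbits):
    """Bisect the ranges as described in step 302. Even positions carry longitude
    bits, odd positions latitude bits; the upper half (mid, hi] encodes as 1."""
    lat_rng, lon_rng = [-90.0, 90.0], [-180.0, 180.0]
    bits = []
    for i in range(nbits):
        value, rng = (lon, lon_rng) if i % 2 == 0 else (lat, lat_rng)
        mid = (rng[0] + rng[1]) / 2
        if value > mid:
            bits.append(1)
            rng[0] = mid
        else:
            bits.append(0)
            rng[1] = mid
    return bits


def encode(lat, lon, precision=6):
    """Step 304: each group of five bits becomes a value 0..31, then one Base32 character."""
    bits = interleaved_bits(lat, lon, 5 * precision)
    chars = []
    for start in range(0, len(bits), 5):
        value = 0
        for bit in bits[start:start + 5]:
            value = (value << 1) | bit
        chars.append(BASE32[value])
    return "".join(chars)


def block_concentration(points, precision=6):
    """Steps 306 to 310: concentration = identical blocks / total blocks.
    One block code is produced per location record, so the total equals the
    number of records; a record is 'identical' when its block is shared."""
    if not points:
        return 0.0, Counter()
    blocks = Counter(encode(lat, lon, precision) for lat, lon in points)
    n_same = sum(count for count in blocks.values() if count > 1)
    return n_same / len(points), blocks


# Constructed sample data for one task node.
VISITS = [
    (57.64911, 10.40744),  # three records inside the same block
    (57.64800, 10.41000),
    (57.65000, 10.40600),
    (57.64910, 10.40400),  # a few metres west of the block's edge: separate block
    (31.23040, 121.47370), # far away
]

if __name__ == "__main__":
    con, blocks = block_concentration(VISITS)
    print(con, dict(blocks))
```

The fourth record shows the boundary effect of fixed blocks: two operations only a few metres apart receive different codes when a block edge runs between them, so a block-based concentration can read lower than a distance-based one over the same records.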
At step 402, the management device 110 obtains a plurality of historical location information corresponding to a plurality of task nodes performing a predetermined operation with respect to a predetermined application, so as to form a historical location information sample set.
At step 404, the management device 110 selects, from the plurality of historical location information, some of the historical location information as the cluster centers of a plurality of clusters. For example, computing device 110 may include n pieces of historical location information
Figure 339860DEST_PATH_IMAGE015
Historical location information sample set of
Figure 597009DEST_PATH_IMAGE016
K pieces of historical position information are selected as cluster center
Figure 178163DEST_PATH_IMAGE017
. Here, 1 < k ≤ n.
At step 406, the computing device 110 determines, for each remaining historical location information in the historical location information sample set other than the plurality of cluster centers, a plurality of distances between the remaining historical location information and the plurality of cluster centers, respectively, so as to assign the remaining historical location information to the cluster to which the cluster center closest to the remaining historical location information belongs.
The manner of calculating the distance between the remaining historical location information and the center of each cluster class is described below in connection with equation (3).
Figure 982171DEST_PATH_IMAGE018
(3)
In the above-mentioned formula (3),
Figure 445513DEST_PATH_IMAGE019
represents the i-th historical location information, where 1 ≤ i ≤ n.
Figure 727590DEST_PATH_IMAGE020
represents the j-th cluster center, where 1 ≤ j ≤ k.
Figure 694409DEST_PATH_IMAGE021
represents the t-th attribute (e.g., the two attributes of longitude and latitude) of the i-th historical location information, where 1 ≤ t ≤ m (m is 2),
Figure 669318DEST_PATH_IMAGE022
represents the t-th attribute of the j-th cluster center.
For example, the distances from each piece of remaining historical location information to each cluster center are compared in turn, and the remaining historical location information is allocated to the cluster whose center is closest to it; for example, k clusters are obtained
Figure 587333DEST_PATH_IMAGE023
At step 408, the computing device 110 updates, for each of a plurality of class clusters to which the plurality of class cluster centers belong, a class cluster center of the class cluster based on the plurality of historical location information assigned to the class cluster. The manner of updating the cluster center of the cluster is described below with reference to equation (4).
Figure 204259DEST_PATH_IMAGE024
(4)
In the above-mentioned formula (4),
Figure 291164DEST_PATH_IMAGE025
represents the cluster center of the i-th cluster,
Figure 702554DEST_PATH_IMAGE026
Figure 343751DEST_PATH_IMAGE027
represents the number of pieces of historical location information in the i-th cluster,
Figure 233209DEST_PATH_IMAGE028
represents the i-th historical location information in the i-th cluster, where
Figure 174621DEST_PATH_IMAGE029
At step 410, the computing device 110 determines whether a plurality of cluster centers of the plurality of clusters no longer change. That is, it is determined whether the updated plurality of cluster centers are the same as the plurality of cluster centers before updating, and if so, it indicates that the plurality of cluster centers are not changed, otherwise, it is determined that the plurality of cluster centers of the plurality of clusters are changed. If, at step 410, computing device 110 determines that at least one cluster center of the plurality of clusters has changed, then it returns to step 404.
If, at step 410, computing device 110 determines that the cluster centers of the plurality of clusters no longer change, at step 412, the management device 110 sorts the historical location information in each cluster in decreasing order of its intra-cluster distance to the corresponding cluster center.
At step 414, the management device 110 determines whether the two intra-cluster distances at the predetermined positions in the sort order satisfy a predetermined condition.
At step 416, if the management device 110 determines that the two intra-cluster distances at the predetermined positions in the sort order satisfy the predetermined condition, the area within a predetermined range from the historical location information associated with the cluster center of the cluster is determined as a risk area. If the management device 110 determines that the two intra-cluster distances at the predetermined positions in the sort order do not satisfy the predetermined condition, the area within the predetermined range from the historical location information associated with the cluster center of the cluster is determined as a non-risk area at step 418.
The manner of determining that the two intra-cluster distances at the predetermined positions in the sort order satisfy the predetermined condition includes, for example: determining the intra-cluster distances ranked first and second in the sort order as a first intra-cluster distance and a second intra-cluster distance, respectively; if the first intra-cluster distance is determined to be greater than or equal to a predetermined multiple of the second intra-cluster distance, taking the historical location information associated with the cluster center of the cluster as risk historical location information; and determining the area within a predetermined range from the risk historical location information as a risk area.
The predetermined multiple is, for example and without limitation, 1.5. For example, the first intra-cluster distance is
Figure 756912DEST_PATH_IMAGE030
; the second intra-cluster distance is
Figure 652449DEST_PATH_IMAGE031
. If
Figure 345598DEST_PATH_IMAGE032
then the area within the predetermined range from the risk historical location information is determined as the risk area.
Fig. 5 illustrates a flow diagram of a method 500 for confirming a first operation concentration associated with a first predetermined operation, in accordance with an embodiment of the present disclosure. It should be understood that the method 500 may be performed, for example, at the electronic device 600 depicted in fig. 6. It may also be performed at the management device 110 depicted in fig. 1.
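The following added example (not code from the patent) follows a literal reading of steps 404 to 418 on constructed coordinates: iterate assignment and centre update until the cluster centres stop changing, sort each cluster's distances to its centre in decreasing order, and flag the centre when the largest distance is at least 1.5 times the second largest. It assumes Euclidean distance over the two attributes (latitude, longitude) because formula (3) is not legible on this page; the initial centre indices and the 0.005 degree risk radius are hypothetical parameters.

```python
import math


def dist(a, b):
    """Euclidean distance over the m = 2 attributes (assumed form of formula (3))."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def kmeans(points, init_idx, max_iter=100):
    """Steps 404 to 410: start from k sample points chosen as centres, assign
    every point to its nearest centre, recompute each centre as the mean of
    its members, and stop when no centre changes."""
    centers = [points[i] for i in init_idx]
    clusters = [[] for _ in centers]
    for _ in range(max_iter):
        clusters = [[] for _ in centers]
        for p in points:
            nearest = min(range(len(centers)), key=lambda j: dist(p, centers[j]))
            clusters[nearest].append(p)
        updated = [
            tuple(sum(axis) / len(members) for axis in zip(*members)) if members else centers[j]
            for j, members in enumerate(clusters)
        ]
        if updated == centers:
            break
        centers = updated
    return centers, clusters


def risk_centers(centers, clusters, multiple=1.5):
    """Steps 412 to 416: compare the first and second largest intra-cluster distances."""
    flagged = []
    for center, members in zip(centers, clusters):
        d = sorted((dist(p, center) for p in members), reverse=True)
        # A cluster of identical points has no meaningful ratio; it is skipped here (assumption).
        if len(d) >= 2 and d[0] > 0 and d[0] >= multiple * d[1]:
            flagged.append(center)
    return flagged


def in_risk_area(point, flagged, radius=0.005):
    """A location is in a risk area if it lies within `radius` (degrees, hypothetical) of a flagged centre."""
    return any(dist(point, c) <= radius for c in flagged)


# Constructed historical locations of several task nodes.
EVEN = [(31.00, 121.00), (31.00, 121.02), (31.02, 121.00), (31.02, 121.02)]
SKEWED = [(31.50, 121.50)] * 3 + [(31.50, 121.54)]
HISTORY = EVEN + SKEWED

if __name__ == "__main__":
    centers, clusters = kmeans(HISTORY, init_idx=(0, 4))
    flagged = risk_centers(centers, clusters)
    print(centers, flagged, in_risk_area((31.501, 121.512), flagged))
```

In the evenly spread cluster all four distances to the centre are equal, so the ratio test fails; in the second cluster three records sit on one spot and one lies apart, giving a ratio of about 3 and a flagged centre.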
At step 502, the management device 110 confirms whether the second predetermined time interval has been reached. If the management device 110 confirms that the second predetermined time interval has not been reached, it continues to wait at step 502. The second predetermined time interval may be the same as or different from the first predetermined time interval.
At step 504, if the management device 110 confirms that the second predetermined time interval is reached, first operation location information indicating a location of the task node where the first predetermined operation is performed is acquired based on the attribute of the first predetermined operation.
At step 506, the management device 110 determines the number of identical target areas associated with the first operational location information. The manner of determining the same target area associated with the first operation position information is, for example, as described above, and will not be described herein again.
At step 508, the management device 110 calculates a first operation concentration ratio of a location at which the task node performs a first predetermined operation within a second predetermined time interval, based on the number of the same target areas and the total number of the first operation location information, the first predetermined operation being one of an operation on adding a new task object and an operation on submitting a request for a task object.
Therefore, the aggregation degree of the task nodes in the process of executing the key operation can be accurately identified, so that the aggregation degree of the operation actions with higher fraud risks can be accurately determined.
FIG. 6 schematically illustrates a block diagram of an electronic device (or computing device) 600 suitable for use to implement embodiments of the present disclosure. The device 600 may be a device for implementing the methods 200 to 500 shown in fig. 2 to 5. As shown in fig. 6, device 600 includes a Central Processing Unit (CPU) 601 that may perform various appropriate actions and processes in accordance with computer program instructions stored in a Read Only Memory (ROM) 602 or loaded from a storage unit 608 into a Random Access Memory (RAM) 603. In the RAM 603, various programs and data required for the operation of the device 600 can also be stored. The CPU 601, ROM 602, and RAM 603 are connected to each other via a bus 604. An input/output (I/O) interface 605 is also connected to bus 604.
A number of components in the device 600 are connected to the I/O interface 605, including: an input unit 606, an output unit 607, and a storage unit 608. The processing unit 601 performs the respective methods and processes described above, e.g. performing the methods 200 to 500. For example, in some embodiments, the methods 200-500 may be implemented as a computer software program stored on a machine-readable medium, such as the storage unit 608. In some embodiments, part or all of the computer program may be loaded and/or installed onto the device 600 via the ROM 602 and/or the communication unit 609. When the computer program is loaded into RAM 603 and executed by CPU 601, one or more of the operations of methods 200-500 described above may be performed. Alternatively, in other embodiments, CPU 601 may be configured by any other suitable means (e.g., by way of firmware) to perform one or more acts of methods 200-500.
It should be further appreciated that the present disclosure may be embodied as methods, apparatus, systems, and/or computer program products. The computer program product may include a computer-readable storage medium having computer-readable program instructions embodied thereon for carrying out various aspects of the present disclosure.
The computer readable storage medium may be a tangible device that can hold and store the instructions for use by the instruction execution device. The computer readable storage medium may be, for example, but not limited to, an electronic memory device, a magnetic memory device, an optical memory device, an electromagnetic memory device, a semiconductor memory device, or any suitable combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a Static Random Access Memory (SRAM), a portable compact disc read-only memory (CD-ROM), a Digital Versatile Disc (DVD), a memory stick, a floppy disk, a mechanical coding device, such as punch cards or in-groove projection structures having instructions stored thereon, and any suitable combination of the foregoing. Computer-readable storage media as used herein is not to be construed as transitory signals per se, such as radio waves or other freely propagating electromagnetic waves, electromagnetic waves propagating through a waveguide or other transmission medium (e.g., optical pulses through a fiber optic cable), or electrical signals transmitted through electrical wires.
The computer-readable program instructions described herein may be downloaded from a computer-readable storage medium to a respective computing/processing device, or to an external computer or external storage device via a network, such as the internet, a local area network, a wide area network, and/or a wireless network. The network may include copper transmission cables, fiber optic transmission, wireless transmission, routers, firewalls, switches, gateway computers and/or edge servers. The network adapter card or network interface in each computing/processing device receives computer-readable program instructions from the network and forwards the computer-readable program instructions for storage in a computer-readable storage medium in the respective computing/processing device.
The computer program instructions for carrying out operations of the present disclosure may be assembler instructions, Instruction Set Architecture (ISA) instructions, machine-related instructions, microcode, firmware instructions, state setting data, or source or object code written in any combination of one or more programming languages, including an object oriented programming language such as Smalltalk, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The computer-readable program instructions may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider). In some embodiments, the electronic circuitry that can execute the computer-readable program instructions implements aspects of the present disclosure by utilizing the state information of the computer-readable program instructions to personalize the electronic circuitry, such as a programmable logic circuit, a Field Programmable Gate Array (FPGA), or a Programmable Logic Array (PLA).
Various aspects of the present disclosure are described herein with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the disclosure. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer-readable program instructions.
These computer-readable program instructions may be provided to a processor in a voice interaction device, a processing unit of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processing unit of the computer or other programmable data processing apparatus, create means for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks. These computer-readable program instructions may also be stored in a computer-readable storage medium that can direct a computer, programmable data processing apparatus, and/or other devices to function in a particular manner, such that the computer-readable medium storing the instructions comprises an article of manufacture including instructions which implement the function/act specified in the flowchart and/or block diagram block or blocks.
The computer readable program instructions may also be loaded onto a computer, other programmable data processing apparatus, or other devices to cause a series of operational steps to be performed on the computer, other programmable apparatus or other devices to produce a computer implemented process such that the instructions which execute on the computer, other programmable apparatus or other devices implement the functions/acts specified in the flowchart and/or block diagram block or blocks.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of instructions, which comprises one or more executable instructions for implementing the specified logical function(s). In some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
Having described embodiments of the present disclosure, the foregoing description is intended to be exemplary, not exhaustive, and not limited to the disclosed embodiments. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the described embodiments. The terminology used herein is chosen in order to best explain the principles of the embodiments, the practical application, or improvements made to the technology in the marketplace, or to enable others of ordinary skill in the art to understand the embodiments disclosed herein.
The above are merely alternative embodiments of the present disclosure and are not intended to limit the present disclosure, which may be modified and varied by those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present disclosure should be included in the protection scope of the present disclosure.

Claims (14)

1. A method for identifying fraud risk with respect to a node task, comprising:
at a management device, obtaining operation information and a plurality of position information of a task node for a plurality of predetermined operations of a predetermined application, the operation information indicating at least attributes of the plurality of predetermined operations and a plurality of corresponding times at which the task node performs the plurality of predetermined operations, each of the plurality of position information indicating a location at which the task node is located when the corresponding predetermined operation is performed, the task node including a mobile device;
in response to determining that a predetermined time interval has been reached, determining a total number of target areas and a number of identical target areas associated with the plurality of location information based on distances between the plurality of location information;
calculating, based on the number of the same target areas and the total number of the target areas, the concentration ratio of the positions of the task node when the task node performs the plurality of predetermined operations within the predetermined time interval;
in response to determining that the concentration is greater than or equal to a predetermined concentration threshold, associating the task node with a risk identification, the predetermined concentration threshold associated with the predetermined time interval; and
performing a risk management and control operation on the node tasks assigned to the task node and on the data about task objects from the task node, based at least on the risk identification.
2. The method of claim 1, further comprising:
acquiring a plurality of pieces of historical position information corresponding to a plurality of task nodes performing a predetermined operation for the predetermined application, so as to form a historical position information sample set;
selecting a portion of the plurality of pieces of historical position information as class cluster centers of a plurality of class clusters;
for each piece of remaining historical position information in the historical position information sample set other than the plurality of cluster centers, determining a plurality of distances between the remaining historical position information and the plurality of cluster centers, so as to assign the remaining historical position information to the class cluster whose cluster center is closest to it;
updating, for each of the plurality of class clusters to which the plurality of class cluster centers belong, the class cluster center of the class cluster based on the pieces of historical position information assigned to the class cluster;
determining whether the plurality of cluster centers of the plurality of class clusters no longer change;
in response to determining that the plurality of cluster centers of the plurality of class clusters no longer change, sorting, in decreasing order, the intra-cluster distances between the historical location information in each class cluster and the corresponding cluster center; and
in response to determining that two intra-cluster distances at predetermined positions in the sorted order satisfy a predetermined condition, determining an area within a predetermined range of the historical position information associated with the cluster center as a risk area.
3. The method of claim 2, wherein determining that the two intra-cluster distances in the predetermined order satisfy the predetermined condition comprises:
determining the intra-cluster distances ranked first and second in the sorted order as a first intra-cluster distance and a second intra-cluster distance, respectively;
in response to determining that the first intra-cluster distance is greater than or equal to a predetermined multiple of the second intra-cluster distance, taking the historical location information associated with the cluster center of the class cluster as risk historical location information; and
determining an area within a predetermined range of the risk historical position information as a risk area.
4. The method of claim 3, wherein the predetermined multiple is 1.5.
5. The method of claim 2, further comprising:
acquiring the associated position of a task object for which a task node executes a node task, wherein the node task comprises at least: a task for acquiring signatures of task objects and a task for surveying the task objects; and
adjusting an association threshold setting for the task object in response to determining that the associated location of the task object belongs to the risk region.
6. The method of claim 1, wherein obtaining operational information and location information for a plurality of predetermined operations of a task node for a predetermined application comprises:
in response to determining that the node task is a task for investigating a task object, determining whether a photographing operation of the predetermined application is performed; and
in response to determining that the photographing operation of the predetermined application is performed, determining the current GPS data of the task node as location information corresponding to an image capturing operation or an uploading data operation with respect to the task object.
7. The method of claim 1, wherein determining the total number of target areas and the number of identical target areas associated with the plurality of location information comprises:
circularly calculating the distance between every two pieces of position information in the plurality of pieces of position information;
in response to determining that the distance between the two pieces of current position information is smaller than or equal to a predetermined distance threshold, determining target areas respectively associated with the two pieces of current position information as the same target area;
calculating a number of the same target areas associated with the plurality of location information; and
determining the number of the plurality of location information as a total number of target areas.
8. The method of claim 1, wherein determining the total number of target areas and the number of identical target areas associated with the plurality of location information comprises:
converting longitude information and latitude information indicated by each of the plurality of pieces of location information into longitude binary data and latitude binary data, respectively, so as to merge the longitude binary data and the latitude binary data into one-dimensional longitude and latitude binary data, the longitude and latitude binary data including a plurality of numerical values;
converting the longitude and latitude binary data into longitude and latitude decimal data by taking every five numerical values as a group so as to convert the longitude and latitude decimal data into position coding information corresponding to the position information based on a preset coding mode;
determining identical blocks associated with a plurality of position information based on position encoding information corresponding to the position information and encoding information identifying blocks of a predetermined area, so as to determine the identical blocks as identical target areas, the predetermined area being divided into a plurality of blocks based on latitude and longitude information of the predetermined area in advance, and each of the plurality of blocks being identified by encoding information determined by a predetermined encoding manner;
calculating a number of the same target areas associated with the plurality of location information; and
determining the total number of the blocks corresponding to the converted position coding information as the total number of target areas.
9. The method of claim 1, further comprising:
in response to reaching a second predetermined time interval, acquiring first operation position information based on the attribute of a first predetermined operation, wherein the first operation position information indicates the position of the task node when the first predetermined operation is performed;
determining a number of identical target areas associated with the first operational location information;
and calculating a first operation concentration ratio of positions of the task nodes when the task nodes perform the first predetermined operation in the second predetermined time interval based on the number of the same target areas and the total amount of first operation position information, wherein the first predetermined operation is one of an operation of adding a new task object and an operation of submitting a request of the task object.
10. The method of claim 1, wherein determining that a predetermined time interval is reached comprises:
in response to determining that the first predetermined time interval is reached, determining the predetermined concentration threshold as a first predetermined concentration threshold; and
in response to determining that a third predetermined time interval is reached, determining a predetermined concentration threshold as a third predetermined concentration threshold, the third predetermined time interval being greater than the first predetermined time interval, the third predetermined concentration threshold being less than the first predetermined concentration threshold.
11. The method of claim 10, wherein performing risk management operations for node tasks assigned to the task node and data from the task node regarding task objects based at least on the risk identification comprises:
determining whether the task node is associated with a first risk identification;
in response to determining that the task node is associated with the first risk identification, determining whether the task node is associated with a second risk identification;
in response to determining that the task node is not associated with the second risk identification, sending a prompt to the task node and reducing the authority of the task node, the first risk identification generated in response to determining that the concentration is greater than or equal to the first predetermined concentration threshold; and
in response to determining that the task node is associated with the second risk identification, the second risk identification generated in response to determining that the concentration is greater than or equal to the third predetermined concentration threshold, refraining from assigning node tasks to the task node and not acknowledging task execution result data from the task node.
12. The method of claim 1, further comprising:
in response to the task node being confirmed to be associated with the risk identification, recording historical operation information and historical position information of the task node;
generating a plurality of sample data for training a risk prediction model based on a plurality of recorded historical operation information and a plurality of recorded historical position information of a plurality of task nodes associated with risk identifications, wherein the risk prediction model is constructed based on a neural network model;
training the risk prediction model based on the plurality of sample data, the risk prediction model being used for extracting features of the operation information and the plurality of position information of the current task node, so as to predict the risk probability of the current task node based on the extracted features; and
determining the relevance of the current task node and the risk identification based on the concentration and the risk probability.
13. A computing device, comprising:
one or more processors; and
storage means for storing one or more programs which, when executed by the one or more processors, cause the one or more processors to carry out the method of any one of claims 1-12.
14. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the method according to any one of claims 1-12.
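The block encoding of claim 8 and the tiered thresholds of claims 10 and 11, as an added Python example that is not code from the patent or its applicants. It assumes the "predetermined coding mode" is standard geohash base32 and that the concentration is the share of fixes in the most frequent block; the fixes, thresholds and the min_fixes guard are constructed for illustration.

```python
# Added example: block-based location concentration (claim 8) feeding the
# tiered risk handling of claims 10-11. Coding mode, ratio formula, precision,
# thresholds and min_fixes are assumptions, not values from the patent.
from collections import Counter

_BASE32 = "0123456789bcdefghjkmnpqrstuvwxyz"  # standard geohash alphabet


def geohash_encode(lat, lon, precision=6):
    """Interleave longitude/latitude bisection bits; emit one char per 5 bits."""
    if not (-90.0 <= lat <= 90.0 and -180.0 <= lon <= 180.0):
        raise ValueError(f"coordinate out of range: {lat}, {lon}")
    lat_rng, lon_rng = [-90.0, 90.0], [-180.0, 180.0]
    chars, value, nbits, use_lon = [], 0, 0, True  # first bit is longitude
    while len(chars) < precision:
        rng, coord = (lon_rng, lon) if use_lon else (lat_rng, lat)
        mid = (rng[0] + rng[1]) / 2
        bit = coord >= mid
        rng[0 if bit else 1] = mid  # keep the half that contains the fix
        value = (value << 1) | int(bit)
        nbits += 1
        use_lon = not use_lon
        if nbits == 5:  # "every five numerical values as a group"
            chars.append(_BASE32[value])
            value, nbits = 0, 0
    return "".join(chars)


def concentration(fixes, precision=6):
    """Return (ratio, block) for the most frequent block.

    Assumed reading of the claims: ratio = fixes in the most frequent
    block / total number of fixes.
    """
    if not fixes:
        return 0.0, None
    counts = Counter(geohash_encode(lat, lon, precision) for lat, lon in fixes)
    block, hits = counts.most_common(1)[0]
    return hits / len(fixes), block


def risk_ids(short_fixes, long_fixes, first_threshold=0.9,
             third_threshold=0.7, min_fixes=5):
    """Claim 10: the longer interval is paired with the lower threshold."""
    ids = set()
    # min_fixes (assumed guard): one or two fixes always look concentrated.
    if len(short_fixes) >= min_fixes and \
            concentration(short_fixes)[0] >= first_threshold:
        ids.add("first")
    if len(long_fixes) >= min_fixes and \
            concentration(long_fixes)[0] >= third_threshold:
        ids.add("second")
    return ids


def control_action(ids):
    """Claim 11 order: the second identification is checked only after the first."""
    if "first" not in ids:
        return "none"
    if "second" not in ids:
        return "prompt_and_reduce_authority"
    return "stop_assignment_and_reject_results"


# Constructed (lat, lon) fixes for one hypothetical task node.
SHORT_WINDOW = [
    (57.6491, 10.4074), (57.6488, 10.4081), (57.6495, 10.4069),
    (57.6479, 10.4102), (57.6470, 10.4060), (57.6499, 10.4120),
    (57.6465, 10.4090), (57.6483, 10.4055),
]
LONG_WINDOW = SHORT_WINDOW + [(42.6, -5.6), (57.70, 10.50)]

if __name__ == "__main__":
    ids = risk_ids(SHORT_WINDOW, LONG_WINDOW)
    print(concentration(LONG_WINDOW), sorted(ids), control_action(ids))
```

Two fixes a few metres apart can fall on opposite sides of a block boundary and receive different codes, so block matching can under-count a cluster that the pairwise distance threshold of claim 7 would merge.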

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110005191.0A CN112330332B (en) 2021-01-05 2021-01-05 Methods, computing devices, and media for identifying fraud risk with respect to node tasks

Publications (2)

Publication Number Publication Date
CN112330332A true CN112330332A (en) 2021-02-05
CN112330332B CN112330332B (en) 2021-05-07

Family

ID=74302156

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110005191.0A Active CN112330332B (en) 2021-01-05 2021-01-05 Methods, computing devices, and media for identifying fraud risk with respect to node tasks

Country Status (1)

Country Link
CN (1) CN112330332B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117294530A (en) * 2023-11-24 2023-12-26 深圳市中燃科技有限公司 Industrial Internet identification analysis secondary node data security management method and system
WO2024083034A1 (en) * 2022-10-20 2024-04-25 索尼集团公司 Electronic device and method for wireless communication, and computer-readable storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104679777A (en) * 2013-12-02 2015-06-03 中国银联股份有限公司 Method and system for detecting fraudulent trading
CN107431639A (en) * 2015-08-26 2017-12-01 华为技术有限公司 Shared risk group is neighbouring and method
CN109299747A (en) * 2018-10-24 2019-02-01 北京字节跳动网络技术有限公司 Determination method, apparatus, computer equipment and the storage medium at one type cluster center
CN111260215A (en) * 2020-01-15 2020-06-09 中国平安财产保险股份有限公司 Risk early warning method and related device
CN111882150A (en) * 2020-06-16 2020-11-03 贵州大学 Food safety risk early warning method combining neural network and analytic hierarchy process
CN111932262A (en) * 2020-09-27 2020-11-13 南京吉拉福网络科技有限公司 Methods, computing devices, and media for identifying transaction risk with respect to consumption credentials

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2024083034A1 (en) * 2022-10-20 2024-04-25 索尼集团公司 Electronic device and method for wireless communication, and computer-readable storage medium
CN117294530A (en) * 2023-11-24 2023-12-26 深圳市中燃科技有限公司 Industrial Internet identification analysis secondary node data security management method and system
CN117294530B (en) * 2023-11-24 2024-05-14 深圳市中燃科技有限公司 Industrial Internet identification analysis secondary node data security management method and system

Also Published As

Publication number Publication date
CN112330332B (en) 2021-05-07

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant